Abstract
Common authentication methods based on passwords, or fingerprints in smartphones, depend on user participation. They do not protect against the threat of an attacker getting hold of the phone after the user has been authenticated. Using a victim’s smartphone, the attacker can launch impersonation attacks, which threaten the data that can be accessed from the smartphone and also the security of other users in the network. In this paper, we propose an implicit authentication method using the sensors already built into smartphones. We utilize machine learning algorithms for smartphones to continuously and implicitly authenticate the current user. We compare two typical machine learning methods, SVM and KRR, for authenticating the user. We show that our method achieves high performance (more than 90 % authentication accuracy) and high efficiency. Our method needs less than 10 s to train the model and 20 s to detect an abnormal user. We also show that the combination of more sensors provides better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
ConsumerReports, Keep your phone safe: How to protect yourself from wireless threats, Consumer Reports, Technical (2013)
Kayacık, H.G., Just, M., Baillie, L., Aspinall, D., Micallef, N.: Data driven authentication: on the effectiveness of user behaviour modelling with mobile device sensors. In: Mobile Security Technologies (2014)
Zhu, J., Wu, P., Wang, X., Zhang, J.: Sensec: mobile security through passive sensing. In: International Conference on Computing, Networking and Communications (2013)
Buthpitiya, S., Zhang, Y., Dey, A.K., Griss, M.: n-gram geo-trace modeling. In: Pervasive Computing (2011)
Trojahn, M., Ortmeier, F.: Toward mobile authentication with keystroke dynamics on mobile hones and tablets. In: 2013 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA) (2013)
Li, L., Zhao, X., Xue, G.: Unobservable re-authentication for smartphones. In: Network and Distributed System Security Symposium (2013)
Nickel, C., Wirtl, T., Busch, C.: Authentication of smartphone users based on the way they walk using k-nn algorithm. In: 2012 Eighth International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP) (2012)
Wu, P., Zhu, J., Zhang, J.Y.: Mobisens: a versatile mobile sensing platform for real-world applications. Mob. Netw. Appl. 18(1), 60–80 (2013)
Xu, Z., Bai, K., Zhu, S.: Taplogger: inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks (2012)
Marquardt, P., Verma, A., Carter, H., Traynor, P.: (sp) iphone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: ACM Conference on Computer and Communications Security (2011)
Michalevsky, Y., Boneth, D., Nakibly, G.: Gyrophone: recognizing speech from gyroscope signals. In: USENIX Security (2014)
Vapnik, V.N., Vapnik, V.: Statistical Learning Theory, vol. 2. Wiley, New York (1998)
Anguita, D., Ghio, A., Oneto, L., Parra, X., Reyes-Ortiz, J.L.: Human activity recognition on smartphones using a multiclass hardware-friendly support vector machine. In: Bravo, J., Hervás, R., Rodríguez, M. (eds.) IWAAL 2012. LNCS, vol. 7657, pp. 216–223. Springer, Heidelberg (2012)
Cristianini, N., Shawe-Taylor, J.: An Introduction to Support Vector Machines and Other Kernel-Based Learning Methods. Cambridge University Press, Cambridge (2000)
Gentile, C., Warmuth, M.K.: Linear hinge loss and average margin. In: Conference and Workshop on Neural Information Processing Systems, vol. 11, pp. 225–231 (1998)
Chang, C.-C., Lin, C.-J.: LIBSVM: a library for support vector machines. ACM Trans. Intell. Syst. Technol. 2, 27:1–27:27 (2011)
Hastie, T., Tibshirani, R., Friedman, J., Hastie, T., Friedman, J., Tibshirani, R.: The elements of statistical learning, vol. 2(1). Springer, New York (2009)
Hoerl, A.E., Kennard, R.W.: Ridge regression: biased estimation for nonorthogonal problems. Technometrics 12(1), 55–67 (1970)
Acknowledgements
This work was supported in part by the National Science Foundation under grant NSF CNS-1218817. Any opinions, findings, and conclusions or recommendations expressed in this work are those of the authors and do not necessarily reflect the views of NSF.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Lee, WH., Lee, R.B. (2015). Implicit Authentication for Smartphone Security. In: Camp, O., Weippl, E., Bidan, C., Aïmeur, E. (eds) Information Systems Security and Privacy. ICISSP 2015. Communications in Computer and Information Science, vol 576. Springer, Cham. https://doi.org/10.1007/978-3-319-27668-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-27668-7_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27667-0
Online ISBN: 978-3-319-27668-7
eBook Packages: Computer ScienceComputer Science (R0)